-
Jun 8th, 2020, 04:03 PM
#1
Thread Starter
Hyperactive Member
Connection string in web.config file
I stored connection string in web.config file in which including server name, user name and password.
Also, I use publish way to compile asp.net apps to web server.
But, IT people said that web.config file need to be encrypted.
Questions.
1) How to encrypt web.config?
2) Is there another way to store connection string?
-
Jun 8th, 2020, 04:44 PM
#2
Re: Connection string in web.config file
https://docs.microsoft.com/en-us/pre...fkaw(v=vs.100)
found by typing "Encrypt web.config" into google funnily enough
-
Jun 8th, 2020, 07:42 PM
#3
Re: Connection string in web.config file
If you're on a domain it also isn't uncommon to use Windows Authentication for the connection to the SQL server by setting integrated security to true. That way no credentials are stored in the web.config and the operations team has full control over the user running the app pool/making the connection to the database.
-
Jun 19th, 2020, 12:20 AM
#4
Lively Member
Re: Connection string in web.config file
Hello,@aspfn
Please try this code,To Connection string in web.config file
Code:
<connectionStrings>
<add name="yourconnectinstringName" connectionString="Data Source= DatabaseServerName; Integrated Security=true;Initial Catalog= YourDatabaseName; uid=YourUserName; Password=yourpassword; " providerName="System.Data.SqlClient" />
</connectionStrings>
I hope this code will be useful for you.
Thank You.
-
Jun 19th, 2020, 12:43 AM
#5
Re: Connection string in web.config file
You may like to check this out, which deals with Protected Configuration:
http://www.vbforums.com/showthread.p...-Config-Files)
I wrote that a while ago and it was aimed at Windows apps but the tools are part of ASP.NET and the information relates the the link provided in post #2.
-
Jun 19th, 2020, 12:44 AM
#6
Re: Connection string in web.config file
Originally Posted by Prahlad
Hello,@aspfn
Please try this code,To Connection string in web.config file
Code:
<connectionStrings>
<add name="yourconnectinstringName" connectionString="Data Source= DatabaseServerName; Integrated Security=true;Initial Catalog= YourDatabaseName; uid=YourUserName; Password=yourpassword; " providerName="System.Data.SqlClient" />
</connectionStrings>
I hope this code will be useful for you.
Thank You.
That does not answer the question asked. The OP already knows how to store a connection string in the config file. It's encrypting it to store it securely that is the issue.
-
Jul 3rd, 2020, 02:21 AM
#7
Lively Member
Re: Connection string in web.config file
The connection string property must be placed under configuration tag in your web config file. Here is mine.
Code:
<connectionStrings>
<add name="myConnection" connectionString="Data Source=SIBEESHVENU\SQLEXPRESS;Initial Catalog=ReportServer$SQLEXPRESS;Integrated Security=True" />
</connectionStrings>
Now we will create a web page and in the page load event we will fetch this connection string and write it as a response.
Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace EncryptConnectionString
{
public partial class Default: System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
try
{
string myCon = System.Configuration.ConfigurationManager.ConnectionStrings["myConnection"].ConnectionString;
if (myCon != null)
{
Response.Write("My connection string is :" + myCon);
}
}
catch (Exception)
{
throw;
}
}
}
}
}
Please run your page, you will see your connection string in your page.
Connection string response
Encrypt connection string
To start the process, you must open your command window with the admin privilege. Then type the following command.
Code:
cd C:\Windows\Microsoft.NET\Framework\v4.0.30319
This command will narrate you to the framework version folder given. Now right click on your project and click open folder in file explorer and then copy the location. For me it is F:\Visual Studio\EncryptConnectionString\EncryptConnectionString. Now please go back to your command prompt and type the command as follows.
Code:
ASPNET_REGIIS -PEF "connectionStrings" "F:\Visual Studio\EncryptConnectionString\EncryptConnectionString"
-
Aug 19th, 2020, 09:31 AM
#8
New Member
Re: Connection string in web.config file
Yes, you need to encrypt your connection strings inside your web.config else your site will be at risk if anyone with bad intention have access to it.
If am not mistaking, this can be done either from codebehind or command prompt using aspnet_iis.exe utility.
For the utility, u
You need to pass -pef parameter for encryption and -pdf for decryption.
A very good example I found was the one written by Nuelson. Check it https://www.emmason247.com.ng/tutori...ion/VGWIGGDCDD
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|